CVE-2024-32981 XSS Vulnerability with text/html base64-encoded payload

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Severity:: Medium (?)
Identifier:: CVE-2024-32981
Versions Affected:: silverstripe/framework: <5.2.16
Versions Fixed:: silverstripe/framework: 5.2.16

A specially crafted XSS payload could be inserted into a field in the CMS when logged in as a CMS user with regular permissions. This XSS could be executed either in the CMS or on the front-end of the website.

Base CVSS: 5.4
Reported by: Jack Wallace from Bastion Security

References

XSS vulnerability with encoded payload